View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001387 | Community.cacert.org | misc | public | 2015-06-29 12:56 | 2019-09-08 21:24 |
Reporter | L10N | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | won't fix | ||
OS | Windows | OS Version | Vista Business | ||
Summary | 0001387: Voting System no more accessible with Firefox 38.0.5 | ||||
Description | While trying to access https://community.cacert.org:443/board/vote.php?motion=123&vote=1 (123 can by any number), Firefox ask for a certificate. After, it gives the following error message: ------------------------ Fehler: Gesicherte Verbindung fehlgeschlagen Ein Fehler ist während einer Verbindung mit community.cacert.org aufgetreten. Neuverhandlung ist auf diesem SSL-Socket nicht erlaubt. (Fehlercode: ssl_error_renegotiation_not_allowed) Die Website kann nicht angezeigt werden, da die Authentizität der erhaltenen Daten nicht verifiziert werden konnte. Kontaktieren Sie bitte den Inhaber der Website, um ihn über dieses Problem zu informieren. Diesen Fehler melden ▼ Das Melden der Adresse und der Zertifikatsinformationen für community.cacert.org hilft uns, bösartige Seiten zu erkennen und zu blockieren. Vielen Dank für Ihre Unterstützung beim Schaffen eines sicheren Internets! Fehler automatisch melden Weitere Informationen… Bericht gesendet ---------------------------------- TLS-Fehlerberichte Wenn eine von Ihnen besuchte Website versucht, eine sichere Verbindung zu Ihrem Rechner aufzubauen, überprüft Firefox diese, um sicherzustellen, das das Zertifikat und die Methode, die von der Website verwendet werden, sicher sind. Manche Websites versuchen, einen veralteten (und nicht mehr sicheren) TLS-Mechanismus zu verwenden, um Ihre Verbindung zu sichern. Firefox schützt Sie, indem die Navigation zu solchen Seiten verhindert wird, wenn beim Aufbauen einer sicheren Verbindung ein Problem auftritt. Wenn das geschieht, sehen Sie eine Fehlerseite, auf der Sie die Option haben, Mozilla den Fehler zu melden. Gesicherte Verbindung fehlgeschlagen - Fehler melden Wenn Sie dieses Problem feststellen, kontaktieren Sie die Besitzer der Website und bitten Sie diese, ihre TLS-Version auf eine aktuelle und sichere zu aktualisieren. ----------------------- | ||||
Additional Information | With Internet Explorer, access is OK. With Chrome, access is OK. | ||||
Tags | No tags attached. | ||||
|
Steps to reproduce: 1. Warning page 2. clickk on advanced 3. accept CAcert 4. error message as copied in description field. |
|
Additional information: The same happend with the URL - https://community.cacert.org/board/vote.php - https://community.cacert.org/board but not with - https://community.cacert.org (it gives access to the roundcube webmail and works properly) |
|
On 2016-12-11 someone wrote on cacert-board@lists.cacert.org: "Does anyone know how to turn off the re-negotiation ban in either Chrome or Firefox? I'm trying to access motions e.g., below and it blocks for both browsers." I asked him to have a look to this bug. Could it be the same? He answers: "Yes. Not sure of the german text, but it's the same issue in that once the server-side cert is accepted, the server does a re-negotiation request for the client cert. Which breaks because re-negotiation is no longer supported (I guess). The reason I suspect this is because PD wrote the voting thing, and the code I used from him for fiddle had the same thing - renegotiation was required during the client cert phase. I wasn't able to isolate that part of the code and fix it at the time. So I'm assuming the vote.php thing has the same layout. Just speculation. So, fix the vote.php thing to not use renegotiation ... Not sure if this is possible?" |
|
OS: Ubuntu 16.04 Browser: Firefox 50.1 |
|
Someone mentioned that it is how the certificates are created makes a difference. It works "to use openssl to create key and csr, like this: openssl req -newkey rsa:4096 -passout stdin -keyout private.key -out server.csr Immediately after entering the command a passphrase for the key must be entered. The data for CSR is mostly not of interest, besides the email address which is the key for our signer (IIRC). There are variants of openssl commands which create a CSR from existing keys. The builtin help of openssl provides more information." (As I an bot technician, I do not understand, what I copied above.) Firefox is not working with our motion system (but all other CAcert pages do here). Someone tells me that Chrome/Chromium works on Linux and Windows with certificates created with openssl. As I create my certificates on cacert.org, and this is broken partially (only Firefox works; see ticket 1417), I got in a hell of a mess. |
|
Firefox 54.0.1 / Windows 10 Error message (original in german): Fehler: Gesicherte Verbindung fehlgeschlagen Ein Fehler ist während einer Verbindung mit community.cacert.org aufgetreten. Neuverhandlung ist auf diesem SSL-Socket nicht erlaubt. Fehlercode: SSL_ERROR_RENEGOTIATION_NOT_ALLOWED Die Website kann nicht angezeigt werden, da die Authentizität der erhaltenen Daten nicht verifiziert werden konnte. Kontaktieren Sie bitte den Inhaber der Website, um ihn über dieses Problem zu informieren. Translated by Google: Error: Secure connection failed An error occurred during a connection to community.cacert.org. Renegotiation is not allowed on this SSL socket. Error code: SSL_ERROR_RENEGOTIATION_NOT_ALLOWED The site can not be displayed because the authenticity of the data obtained could not be verified. Please contact the owner of the website to inform him of this problem. |
|
Microsoft Edge 40.15063.0.0 / Windows 10: works well Vivaldi 1.10.8 / Windows 10: ERR_TIMED_OUT Opera 43.0 / Windows 10: works well |
|
The old voting system has been replaced by a new one at motion.cacert.org Programming by JanDD from infra, used by board for now two meetings. |
Date Modified | Username | Field | Change |
---|---|---|---|
2015-06-29 12:56 | L10N | New Issue | |
2016-12-24 22:17 | L10N | Note Added: 0005530 | |
2016-12-24 22:18 | L10N | Note Added: 0005531 | |
2016-12-24 22:50 | L10N | Note Added: 0005532 | |
2016-12-27 16:50 | L10N | Note Added: 0005533 | |
2016-12-28 11:42 | L10N | Note Added: 0005535 | |
2017-08-30 11:34 | L10N | Note Added: 0005555 | |
2017-08-30 11:40 | L10N | Note Added: 0005556 | |
2019-09-08 21:21 | L10N | Status | new => closed |
2019-09-08 21:21 | L10N | Resolution | open => won't fix |
2019-09-08 21:23 | L10N | Status | closed => needs feedback |
2019-09-08 21:23 | L10N | Resolution | won't fix => reopened |
2019-09-08 21:23 | L10N | Note Added: 0005836 | |
2019-09-08 21:24 | L10N | Status | needs feedback => closed |
2019-09-08 21:24 | L10N | Resolution | reopened => won't fix |